When DDOS attacks become real threats

Government IT managers should be aware that distributed denial of service (DDOS) attacks may become more than just a frustrating nuisance that they need to deal with on their networks. Such attacks may increasingly be used as a ploy to create background interference during a major emergency. Think of it as creating a communication traffic jam that keeps first responders stuck in low gear.

But first, a little update on where DDOS stands today. A study by Prolexic Technologies reports a 718 percent increase this year in the overall bandwidth consumed by DDOS attacks, while a recent report from Verizon says that most recent DDOS attacks have been launched by activist groups. Many Internet service providers have reported a general increase in DDOS-related traffic.

Meanwhile, the Homeland Security Department and the FBI have issued an alert noting that they are aware of dozens of telephony denial of service (TDOS) attacks aimed at government or financial communications centers. This variation is similar to DDOS attacks: computer-controlled calls are made in high volume, but they target voice lines rather than computers. So far the targets have been mostly administrative, not 911, telephone lines. But that could change.

Evidence of DDOS attacks launched in conjunction with real emergencies is spotty, but there have been instances.

In 2010, after a hurricane in Myanmar/Burma, an international DDOS attack targeted some of the media sites that had relocated after the storm. This made it difficult for them to share government news.

This year, not long after the Boston Marathon bombing, the social news site Reddit set up a section to allow visitors to post photos and share theories about the event. The pages grew in popularity and received attention from the mainstream press, particularly after it had misidentified several people as suspects. Once that happened, the site became the target of a massive DDOS attack, which shut off contact for over 50 minutes while site managers worked to reroute traffic and address security issues. High-traffic sites often use content delivery networks (CDNs), essentially a distributed system of servers housed at multiple data centers. At the peak of the attack, Reddit was hit with more than 400,000 requests per second to its CDN. The requests came from “thousands of separate IP addresses, all hammering illegitimate requests, and all of them simultaneously changing whenever we would move to counter,” according to a statement made by one of the Reddit editors.

The banking industry has been targeted many thousands of times with DDOS attempts, sometimes in conjunction with specific news events related to economic reports.

Government needs to be aware of these connections because, in extreme situations, DDOS could be used to block Internet access to critical services like traffic controls, river or dam monitoring, contact with police and more.

About the Author

Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.